Correct NAT for IMAP Client

Hi community,

Currently I am running out of ideas on how to correctly NAT internally connected IMAP clients to our internal mail server.

Following setup:

- IMAP client account with over port 993 configured
- Masquerading: Internal (Network) -> External
- DNAT: Internet IPv4 -> IMAP SSL -> External (Address) --> internal IP mailserver (mail.internal.local)
- I made sure nothing of the IMAP traffic gets blocked by the firewall
- WLAN internal bridged to AP LAN


- IMAP connection works if the client connects from outside the internal network (e.g. WLAN at home)
- IMAP connection does NOT work if the client is connected via internal WLAN


- running a tcpdump shows that the client establishes a connection to but gets answers from mail.internal.local

So I tried to set up SNAT to change the answer from mail.internal.local to and a DNAT to change the destination of internal requests from to mail.internal.local.

tcpdump again:

- now it showed requests and answers to and from

But still, the internally connected IMAP client can't connect to the mail server over 993.

Maybe someone is able to enlighten me here. :)
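
The first tcpdump observation above, modelled as an added example that is not part of the original post: a gateway that only rewrites the destination lets the mail server answer the client directly, so the reply's source address does not match the connection the client opened. All addresses and the `hairpin_snat` switch are constructed for illustration, and the model assumes client and server share one subnet; it covers address matching only, not TLS or firewall rules.

```python
from dataclasses import dataclass, replace

# Constructed addresses (not from the post): documentation/private ranges.
CLIENT = "192.168.1.50"   # internal WLAN client
SERVER = "192.168.1.20"   # stands in for mail.internal.local
GW_INT = "192.168.1.1"    # gateway's internal address
GW_EXT = "203.0.113.10"   # gateway's External (Address)
IMAPS = 993


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Gateway:
    """Connection-tracking NAT: DNAT always, source rewrite optional."""

    def __init__(self, hairpin_snat):
        self.hairpin_snat = hairpin_snat
        self.conntrack = {}  # reply tuple seen by the gateway -> original packet

    def forward(self, pkt):
        out = replace(pkt, dst=SERVER)        # DNAT: External -> mail server
        if self.hairpin_snat:
            out = replace(out, src=GW_INT)    # SNAT so the reply returns here
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reverse(self, reply):
        orig = self.conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)


def reply_seen_by_client(hairpin_snat):
    gw = Gateway(hairpin_snat)
    at_server = gw.forward(Packet(CLIENT, 50000, GW_EXT, IMAPS))
    syn_ack = Packet(SERVER, IMAPS, at_server.src, at_server.sport)
    # Same subnet: a reply addressed to the client bypasses the gateway.
    return syn_ack if syn_ack.dst == CLIENT else gw.reverse(syn_ack)


def client_accepts(syn_ack):
    # TCP matches on the full 4-tuple; a SYN-ACK from another address is dropped.
    got = (syn_ack.src, syn_ack.sport, syn_ack.dst, syn_ack.dport)
    return got == (GW_EXT, IMAPS, CLIENT, 50000)
```
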